[PVE-User] PVE Cluster: New authentication is required to access each node from GUI
Frank Thommen
f.thommen at dkfz-heidelberg.de
Sun Jan 26 02:28:25 CET 2020
The time it was. It was off by a few minutes between two of the servers
but off by several hours on the third.
I don't like ntpd anyway and I will probably replace it by chronyd.
Thanks for the hint.
Cheers, frank
On 25/01/2020 18:32, Gianni Milo wrote:
> Things I would check or modify...
>
> - output of 'pvecm s' and 'pvecm n' commands.
> - syslog on each node for any clues.
> - ntp.
> - separate cluster (corosync) network from storage network (i.e In your
> case, use --link2, LAN).
>
> G.
>
>
> On Sat, 25 Jan 2020 at 15:44, Frank Thommen <f.thommen at dkfz-heidelberg.de>
> wrote:
>
>> Dear all,
>>
>> I have installed a 3-node PVE cluster as instructed on
>> https://pve.proxmox.com/pve-docs/chapter-pvecm.html (usung commandline).
>> When I now connect via GUI to one node and select one of the other
>> nodes, I get a "401" error message and then I am asked to authenticate
>> to the other node. So to see all nodes from all other nodes via GUI I
>> would have to authenticate nine times. I don't think that is as it
>> should be ;-). I would assume that once I am logged in on the GUI of one
>> of the cluster nodes, I can look at the other two nodes w/o additional
>> authentication from this GUI.
>>
>> The situation is somehow similar to the one described on
>>
>> https://forum.proxmox.com/threads/3-node-cluster-permission-denied-invalid-pve-ticket-401.56038/,
>>
>> but the suggested "pvecm updatecerts" (run on each node) only helped for
>> a short time. After a reboot of the nodes I am back to the potential
>> nine authentications.
>>
>> My three nodes are connected through a full 10GE mesh
>> (https://pve.proxmox.com/wiki/Full_Mesh_Network_for_Ceph_Server) using
>> broadcast bonds. This mesh will finally also be used for Ceph. I
>> configured this mesh to be the cluster network (--link0). As fallback
>> (--link1) I used the regular LAN.
>>
>> Does anyone have an idea what could be wrong and how this could be
>> fixed? Could the mesh with the broadcast bonds be the problem? If yes,
>> should I use an other type of mesh? Unfortunately a full dedicated
>> PVE-only network with a switch is not an option. I can either use a
>> mesh or the regular LAN in the datacenter.
>>
>> The systems are running PVE 6.1-3.
>>
>> Any help or hint is appreciated.
>>
>> Cheers
>> frank
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
More information about the pve-user
mailing list